
Privacy policy for Web sites – sample language

[Posted 2009-10-05; last reviewed 2013-08-04]

Below is a sample Web-site privacy policy; feel free to work with your lawyer to edit it for use in your own site. Comments and suggestions for improvement are welcome.

The usual cautions & disclaimers apply: Don’t rely on these materials as a substitute for legal advice; they aren’t necessarily up to date and are subject to change without notice; your using these materials does not establish an attorney-client relationship with me; etc. — SO ASK YOUR LAWYER whether these materials are right for you.

Another caution: Web-site operators and their counsel should check the Federal Trade Commission’s Red Flags Rule about privacy safeguards to see if it applies to them. Ditto for the U.S. “safe harbor” framework for compliance with the European Commission’s Directive on Data Protection.

Introduction

[COMPANY NAME] (“we” or “us”) values its visitors’ privacy. This privacy policy is effective [DATE]; it summarizes what information we might collect from a registered user or other visitor (“you”), and what we will and will not do with it.

Please note that this privacy policy does not govern the collection and use of information by companies that [COMPANY NAME] does not control, nor by individuals not employed or managed by [COMPANY NAME]. If you visit a Web site that we mention or link to, be sure to review its privacy policy before providing the site with information.

What we do with your personally identifiable information

It is always up to you whether to disclose personally identifiable information to us, although if you elect not to do so, we reserve the right not to register you as a user or provide you with any products or services. “Personally identifiable information” means information that can be used to identify you as an individual, such as, for example:

  • your name, company, email address, phone number, billing address, and shipping address
  • your [COMPANY NAME] user ID and password (if applicable)
  • credit card information (if applicable) [THIS MAY NOT BE APPROPRIATE IF CREDIT-CARD INFORMATION IS HANDLED BY THE PAYMENT PROCESSOR]
  • any account-preference information you provide us
  • your computer’s domain name and IP address, indicating where your computer is located on the Internet
  • session data for your login session, so that our computer can ‘talk’ to yours while you are logged in

If you do provide personally identifiable information to us, either directly or through a reseller or other business partner, we will:

  • not sell or rent it to a third party without your permission — although unless you opt out (see below), we may use your contact information to provide you with information we believe you need to know or may find useful, such as (for example) news about our services and products and modifications to the Terms of Service;
  • take commercially reasonable precautions to protect the information from loss, misuse and unauthorized access, disclosure, alteration and destruction;
  • not use or disclose the information except:
    • as necessary to provide services or products you have ordered, such as (for example) by providing it to a carrier to deliver products you have ordered;
    • in other ways described in this privacy policy or to which you have otherwise consented;
    • in the aggregate with other information in such a way that your identity cannot reasonably be determined (for example, statistical compilations);
    • as required by law, for example, in response to a subpoena or search warrant;
    • to outside auditors who have agreed to keep the information confidential;
    • to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or disposition of all or a portion of [COMPANY NAME]’s assets. The successor organization’s use and disclosure of your personally-identifiable information will continue to be subject to this privacy policy unless (i) a court orders otherwise, for example a bankruptcy court; or (ii) the successor organization gives you notice that your personally-identifiable information will be subject to the successor organization’s own privacy policy, along with an opportunity for you to opt out (which may cause you not to be able to continue to use the [WEB SITE OR SOFTWARE NAME]). If you submit personally-identifiable information after such a transfer, that information may be subject to the successor entity’s privacy policy;
    • as necessary to enforce the Terms of Service;
    • as necessary to protect the rights, safety, or property of [COMPANY NAME], its users, or others; this may include (for example) exchanging information with other organizations for fraud protection and/or risk reduction.

Other information we collect

We may collect other information that cannot be readily used to identify you, such as (for example) the domain name and IP address of your computer. We may use this information, individually or in the aggregate, for technical administration of our Web site(s); research and development; customer- and account administration; and to help us focus our marketing efforts more precisely.

Cookies

[COMPANY NAME] uses “cookies” to store personal data on your computer. We may also link information stored on your computer in cookies with personal data about specific individuals stored on our servers. If you set up your Web browser (for example, Internet Explorer or Firefox) so that cookies are not allowed, you might not be able to use some or all of the features of our Web site(s).

External data storage sites

We may store your data on servers provided by third-party hosting vendors with whom we have contracted.

Your privacy responsibilities

To help protect your privacy, be sure:

  • not to share your user ID or password with anyone else;
  • to log off the [COMPANY NAME] Web site when you are finished;
  • to take customary precautions to guard against “malware” (viruses, Trojan horses, bots, etc.), for example by installing and updating suitable anti-virus software.

Notice to European Union users

[COMPANY NAME]’s operations are located primarily in the United States. If you provide information to us, the information will be transferred out of the European Union (EU) to the United States. By providing personal information to us, you are consenting to its storage and use as described herein.

Information collected from children

You must be at least 13 years old to use [COMPANY NAME]’s Web site(s) and service(s). [COMPANY NAME] does not knowingly collect information from children under 13. (See the [U.S.] Children’s Online Privacy Protection Act.)

Changes to this privacy policy

We reserve the right to change this privacy policy as we deem necessary or appropriate because of legal compliance requirements or changes in our business practices. If you have provided us with an email address, we will endeavor to notify you, by email to that address, of any material change to how we will use personally identifiable information.

Questions or comments?

If you have questions or comments about [COMPANY NAME]’s privacy policy, send email to support@[COMPANY NAME].com, or contact us via any of the ways described in the About Us page at [URL].

Thank you for choosing [COMPANY NAME]!